OGC 11-017 6 Copyright © 2007-2011 Open Geospatial Consortium 5 Conventions

5.1 Symbols and abbreviated terms

1D One Dimensional 2D Two Dimensional 3D Three Dimensional GeoXACML Geospatial eXtensible Access Control Markup Language GeoDRM Geospatial Digital Rights Management GeoDRM-RM Geospatial Digital Rights Management – Reference Model GML Geography Markup Language ISO International Organization for Standardization OASIS Organization for the Advancement of Structured Information Standards OGC Open Geospatial Consortium OWS OpenGIS Web Services PAP Policy Administration Point PDP Policy Decision Point PEP Policy Enforcement Point PIP Policy Information Point SAML Security Assertion Markup Language SOA Service Oriented Architecture UML Unified Modeling Language XACML eXtensible Access Control Markup Language XML eXtensible Markup Language OGC 11-017 Copyright © 2007-2011 Open Geospatial Consortium 7

5.2 UML Notation

The diagrams that appear in this standard are presented using the Unified Modelling Language UML static structure diagram. The UML notations used in this standard are described in the diagram below. Association between classes role-1 role-2 Association Name Class 1 Class 2 Association Cardinality Class Only one Class Zero or more Class Optional zero or one 1.. Class One or more n Class Specific number Aggregation between classes Aggregate Class Component Class 1 Component Class 2 Component Class n ………. 0.. 0..1 Class Inheritance subtyping of classes Superclass Subclass 1 ………….. Subclass 2 Subclass n Figure 1 — UML notation OGC 11-017 8 Copyright © 2007-2011 Open Geospatial Consortium 6 Brief Introduction to XACML informative It is the intention of this chapter to give a brief informative introduction of XACML as defined in [1], before GeoXACML is defined in the next chapters. A short primer on XACML is available as a Technology Report at the OASIS Cover Pages; see [8] for more information. The XACML standard can be separated into two main sections, which are introduced in more detail in the following sections: i Policy Language and Authorization Model as well as ii Information Flow Model.

6.1 Policy Language Model and Authorization

The XACML Policy Language Model defines an XML encoding for expressing general purpose access restrictions and extension points to define your own Attribute Values, Functions, etc. The entire set of access restrictions defines an XACML Policy. The Policy is structured, according to the following UML diagram see Figure 2. The top level element is the PolicySet. It can host zero or more PolicySet elements, which can be included inline or by reference. This powerful feature allows the reuse of pre-defined policy segments as well as the integration of multiple policies. Each PolicySet element can host one or more Policy elements, which is the container for a set of Rule elements. Inside the Rule element, conditions can be formed to express complex access restrictions, using the Condition element. Each PolicySet, Policy and Rule element have a Target element, which can be used to define simple matching conditions for the Subject, Action, Resource and Environment. This allows the effective structuring of a policy into sub-trees, which eases the maintenance of rights defined in a policy. On the other hand, the simple matching in a Target element ensures fast decision making, when it comes to deriving an authorization decision. The flexible matching of Subjects in the Target element supports direct association of access rights to subjects or roles, as defined in the RBAC profile of XACML “Core and hierarchical role based access control RBAC profile of XACML v2.0”,[6]. In order to derive an authorization decision i.e. XACML authorization decision for a given request, the XACML policy is traversed from the top i.e. PolicySet element to the leaves i.e. Rule elements. For all matching Rule elements, their Effect i.e. Permit or Deny is taken as the most basic driver for the authorization decision. By traversing up the policy the effects of all Rules – associated to a Policy element – are combined using the RuleCombiningAlgorithm. The resulting effects of all Policy elements are matched on the next highest level, until reaching the top PolicySet OGC 11-017 Copyright © 2007-2011 Open Geospatial Consortium 9 element; the PolicyCombiningAlgorithm creates the final effect of the entire policy, which represents the authorization decision. The XACML Policy Language defines four different results for the authorization decision: i Permit, ii Deny, iii Indeterminate and iv NotApplicable. Finally, the process of deriving an authorization decision can result in an error, which is documented as additional information in the Decision element. In addition, the decision can be “Permit with Obligation”, which can be expressed in the Obligation element, attached to the Policy or PolicySet element. 1 0.. 1 0.. 1 0.. Condition Target Rule 1 0..1 Policy 1 1 Obligation 1 1 1 0.. 1 0.. Action Resource Subject PolicySet 1 0.. 1 1 Policy Combining Alogorithm Rule Combining Algorithm 1 0.. 1 0..1 1 1 Effect 1 1 Environment 1 0.. 1 0.. Figure 2 — XACML Policy Language Model OGC 11-017 10 Copyright © 2007-2011 Open Geospatial Consortium

6.2 Information Flow Model